216.73.217.139

Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns

· Published 31/10/2024 19:46 · Modified 01/11/2024 17:26

Export JSON

Essential information

Published
31/10/2024 19:46
Modified
01/11/2024 17:26
Tags
2024-10-31 CVE-2020-12271 CVE-2020-15069 CVE-2020-29574 CVE-2022-1040 CVE-2022-1292 CVE-2022-3236 asia-pacific targets asnarök backdoors china-based threat actors cloud snooper critical-infrastructure gh0st rat government agencies libsophos.so onderon perimeter devices rootkits sliver zero-day vulnerabilities
Related entities
8 malware, 11 others

Description

Sophos unveils a five-year investigation tracking targeting , particularly Sophos firewalls. The report details multiple attack campaigns, including , Bookmark Buffer Overflow, and Covert Channels, which exploited to gain access and deploy various malware payloads. The attackers demonstrated sophisticated tactics, techniques, and procedures, including the use of , , and novel persistence mechanisms. The campaigns evolved from indiscriminate attacks to highly targeted operations against , critical infrastructure, and strategic industries, primarily in the Asia-Pacific region. Sophos' defensive efforts included rapid patching, threat hunting, and collaboration with international cybersecurity agencies and researchers.

External references